From 83fa1d38c44f16a76dd98407e321b9cc9b5b5743 Mon Sep 17 00:00:00 2001 From: Micah Lee Date: Sun, 20 Jun 2021 20:08:45 -0700 Subject: [PATCH] Download Tor Browser Developers signing key using requests instead of gnupg, and make a new common.proxies() method for downloading WKD key over Tor --- torbrowser_launcher/common.py | 79 +++++++++++++++++++-------------- torbrowser_launcher/launcher.py | 13 +----- 2 files changed, 48 insertions(+), 44 deletions(-) diff --git a/torbrowser_launcher/common.py b/torbrowser_launcher/common.py index 7c1a42d..380b8f6 100644 --- a/torbrowser_launcher/common.py +++ b/torbrowser_launcher/common.py @@ -36,6 +36,7 @@ import json import re import gettext import gpg +import requests SHARE = os.getenv("TBL_SHARE", sys.prefix + "/share") + "/torbrowser-launcher" @@ -213,7 +214,8 @@ class Common(object): "signing_keys": { "tor_browser_developers": os.path.join( SHARE, "tor-browser-developers.asc" - ) + ), + "wkd_tmp": os.path.join(tbb_cache, "torbrowser.gpg") }, "mirrors_txt": [ os.path.join(SHARE, "mirrors.txt"), @@ -248,8 +250,10 @@ class Common(object): } # Add the expected fingerprint for imported keys: + tor_browser_developers_fingerprint = "EF6E286DDA85EA2A4BA7DE684E2C6E8793298290" self.fingerprints = { - "tor_browser_developers": "EF6E286DDA85EA2A4BA7DE684E2C6E8793298290" + "tor_browser_developers": tor_browser_developers_fingerprint, + "wkd_tmp": tor_browser_developers_fingerprint, } # create a directory 
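Review bot: The new `"wkd_tmp"` entry in `self.fingerprints` (third common.py hunk) has no comment saying why it reuses the developers' fingerprint. That value is the pin a key fetched over the network has to match, assuming `import_key_and_check_status` compares the imported key against `self.fingerprints[key]`; its body is outside this diff. I would add above the dict: `# "wkd_tmp" is the same key as fetched via WKD; it must match the pinned fingerprint or the import is rejected`. The enclosing method starts and ends outside the hunk.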
@@ -274,41 +278,50 @@ class Common(object): self.mkdir(self.paths["gnupg_homedir"]) self.import_keys() - def refresh_keyring(self, fingerprint=None): - if fingerprint is not None: - print("Refreshing local keyring... Missing key: " + fingerprint) + def proxies(self): + # Use tor socks5 proxy, if enabled + if self.settings["download_over_tor"]: + socks5_address = "socks5h://{}".format(self.settings["tor_socks_address"]) + return {"https": socks5_address, "http": socks5_address} else: - print("Refreshing local keyring...") + return None + + def refresh_keyring(self): + print("Downloading latest Tor Browser signing key...") # Fetch key from wkd, as per https://support.torproject.org/tbb/how-to-verify-signature/ - p = subprocess.Popen( - [ - "gpg", - "--status-fd", - "2", - "--homedir", - self.paths["gnupg_homedir"], - "--auto-key-locate", - "nodefault,wkd", - "--locate-keys", - "torbrowser@torproject.org", - ], - stderr=subprocess.PIPE, + # Sometimes GPG throws errors, so comment this out and download it directly + # p = subprocess.Popen( + # [ + # "gpg", + # "--status-fd", + # "2", + # "--homedir", + # self.paths["gnupg_homedir"], + # "--auto-key-locate", + # "nodefault,wkd", + # "--locate-keys", + # "torbrowser@torproject.org", + # ], + # stderr=subprocess.PIPE, + # ) + # p.wait() + + # Download the key from WKD directly + r = requests.get( + "https://torproject.org/.well-known/openpgpkey/hu/kounek7zrdx745qydx6p59t9mqjpuhdf?l=torbrowser", + proxies=self.proxies(), ) - p.wait() - - for output in p.stderr.readlines(): - match = gnupg_import_ok_pattern.match(output) - if match and match.group(2) == "IMPORT_OK": - fingerprint = str(match.group(4)) - if match.group(3) == "0": - print("Keyring refreshed successfully...") - print(" No key updates for key: " + fingerprint) - elif match.group(3) == "4": - print("Keyring refreshed successfully...") - print(" New signatures for key: " + fingerprint) - else: - print("Keyring refreshed successfully...") + if r.status_code != 
200: + print(f"Error fetching key, status code = {r.status_code}") + else: + with open(self.paths["signing_keys"]["wkd_tmp"], "wb") as f: + f.write(r.content) + + if self.import_key_and_check_status("wkd_tmp"): + print("Key imported successfully") + else: + print("Key failed to import") def import_key_and_check_status(self, key): """Import a GnuPG key and check that the operation was successful. diff --git a/torbrowser_launcher/launcher.py b/torbrowser_launcher/launcher.py index 70f309e..4f2ae8a 100644 --- a/torbrowser_launcher/launcher.py +++ b/torbrowser_launcher/launcher.py @@ -66,6 +66,7 @@ class Launcher(QtWidgets.QMainWindow): def __init__(self, common, app, url_list): super(Launcher, self).__init__() self.common = common + self.common.refresh_keyring() self.app = app self.url_list = url_list @@ -549,16 +550,6 @@ class DownloadThread(QtCore.QThread): self.common = common self.url = url self.path = path - - # Use tor socks5 proxy, if enabled - if self.common.settings["download_over_tor"]: - socks5_address = "socks5h://{}".format( - self.common.settings["tor_socks_address"] - ) - self.proxies = {"https": socks5_address, "http": socks5_address} - else: - self.proxies = None - def run(self): with open(self.path, "wb") as f: try: @@ -567,7 +558,7 @@ class DownloadThread(QtCore.QThread): self.url, headers={"User-Agent": "torbrowser-launcher"}, stream=True, - proxies=self.proxies, + proxies=self.common.proxies(), ) # If status code isn't 200, something went wrong -- 2.44.0
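Review bot: The `requests.get(...)` call in `refresh_keyring` has no `timeout` and is not wrapped in a `try`, so an unreachable host or a Tor SOCKS proxy that is not running either blocks the method indefinitely or raises `requests.exceptions.RequestException` out of it. The launcher.py hunk calls `refresh_keyring()` from `Launcher.__init__`, so that failure would presumably stop the window from being created. Catching the request exception, printing the error and returning keeps the key refresh best-effort, as the status-code branch already is. The commented-out `gpg --locate-keys` block could be deleted rather than kept, since the history records it.

```python
        # … unchanged: print("Downloading latest Tor Browser signing key...") …
        try:
            r = requests.get(
                "https://torproject.org/.well-known/openpgpkey/hu/kounek7zrdx745qydx6p59t9mqjpuhdf?l=torbrowser",
                proxies=self.proxies(),
                timeout=30,  # constructed value; pick one that tolerates Tor latency
            )
        except requests.exceptions.RequestException as e:
            print(f"Error fetching key: {e}")
            return
        # … unchanged: status-code check, write to wkd_tmp, import_key_and_check_status("wkd_tmp") …
```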
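Review bot: `self.common.refresh_keyring()` in `Launcher.__init__` performs a synchronous HTTPS request on the constructing thread, before `self.app` and the rest of the window are set up, and nothing at the call site says so. With `download_over_tor` disabled, `proxies()` returns `None`, so each constructed Launcher makes a direct request to torproject.org. A comment such as `# Fetches the signing key over the network (via Tor only if download_over_tor is set); blocks until done` would make that visible. Moving the call into a worker thread, in the style of the existing `DownloadThread`, would avoid blocking the UI, though `__init__` continues outside the hunk, so I cannot see what else depends on the refreshed key.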